Malicious programmers may distribute malicious resources (such as malware) in a variety of ways. For example, a malicious programmer may use a malware propagation kit (such as BLACKHOLE or REDKIT) to infect a website and distribute malware to users that visit the infected website. Additionally or alternatively, the malicious programmer may pay the owner of the website to host and distribute the malware from his or her website.
The malicious programmer may also modify the website such that the malware is downloadable only by users that accesses a specific redirection link. For example, an unsuspecting user may click on a specific GOOGLE search result or FACEBOOK post that redirects the user to a “one-time” Uniform Resource Locator (URL). This “one-time” URL may trigger a download of the malware from the website only once. Unfortunately, while the user may unknowingly download the malware from the website upon clicking the GOOGLE search result or FACEBOOK post, malware analysts may have difficulty reproducing the same infection for diagnostic purposes since the URL that triggers the download is “one-time” only.
As such, the instant disclosure identifies and addresses a need for improved systems and methods for identifying URLs that link to potentially malicious resources.